Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-25 11:15:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
479,026 Commits 615 Branches 98 Tags 5.9 GiB
97604746eb
Commit Graph

3997 Commits

Author SHA1 Message Date
Aidin Gharibnavaz
686438c658 Bug 1164581 - Adding an overload for NS_ProxyRelease that accepts already_AddRefed, and removing all the others. r=bobbyholley 2016-02-10 08:23:00 +01:00
David Keeler
5ceb0c8a89 bug 1246765 - remove unnecessary resource://app/ registration from getHSTSPreloadList.js r=Cykesiopka DONTBUILD NPOTB 2016-02-08 12:56:34 -08:00
Cykesiopka
19922e4976 Bug 503515 - Try and ensure exported certificates include an extension by default. r=keeler 
--HG--
extra : rebase_source : b3d595ae962d70afc208b34afe616b6ef88133a8
 2016-02-09 00:17:00 +01:00
Carsten "Tomcat" Book
5b358688b7 Backed out changeset c18e29c1b369 (bug 1164581) for cpp unit tests test failures 
--HG--
extra : rebase_source : fb6fd434c8e3f4b5fa53ea645a54c07cab207894
 2016-02-08 11:17:38 +01:00
Masatoshi Kimura
7c3a491022 Bug 1247250 - Enable TLS 1.3 anti-downgrade on non-secure fallback. r=keeler 2016-02-24 19:35:00 +09:00
Aidin Gharibnavaz
69cf7e035f Bug 1164581 - Adding an overload for NS_ProxyRelease that accepts already_AddRefed, and removing all the others. r=bobbyholley 
--HG--
extra : rebase_source : 3c6bba6613a14e48239d302bdd0f7fe2e322265d
 2016-02-07 10:56:00 +01:00
Cykesiopka
7e014d6be0 Bug 1243182 - Enable eslint "space-infix-ops" rule for PSM. r=keeler 
Also includes minor cleanups.
 2016-02-06 21:05:02 -08:00
Cykesiopka
6a5e8155c8 Bug 1064402 - Part 2: Remove nsIX509CertDB.importServerCertificate() and nsIX509Cert::SERVER_CERT support in importCertsFromFile(). r=keeler 2016-02-06 20:41:11 -08:00
Cykesiopka
370bac0f07 Bug 1064402 - Part 1: Remove Import button in Servers tab of the Certificate Manager. r=keeler 
It no longer serves any useful purpose:
1. It is no longer possible to add explicit trust for server certs post Bug 825583.
1A. The Add Exception feature is better suited for this anyways.
2. It isn't possible to set explicit distrust in the Cert Manager, only remove explicit trust.
3. Importing may also inadvertently cause verification failures (see Bug 1202636).
 2016-02-06 20:40:57 -08:00
Cykesiopka
1e1cca77d4 Bug 1243180 - Enable eslint "no-trailing-spaces" rule for PSM. r=keeler 
Also does some minor cleanup.
 2016-02-03 01:51:00 +01:00
simplyblue
addf646a4c Bug 1241646 - remove unused token arguments from nsIX509CertDB r=keeler 2016-01-30 13:50:58 +05:30
Mark Goodwin
282a183d55 Bug 1241821 - Create a SecurityReporter component for TLS Error Reports r=mossop, keeler 
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
 2016-01-30 08:07:38 +00:00
Kyle Huey
91efc5a86c Bug 1241764: Replace nsPIDOMWindow with nsPIDOMWindowInner/Outer. r=mrbkap,smaug 2016-01-30 09:05:36 -08:00
Wes Kocher
543c164cdc Backed out 2 changesets (bug 1241821) for android build bustage CLOSED TREE 
Backed out changeset ae7246d654c8 (bug 1241821)
Backed out changeset bdecb787f1a2 (bug 1241821)

--HG--
extra : commitid : HdwYW6HntXi
 2016-01-29 14:57:27 -08:00
Wes Kocher
1f2034ed37 Followup to Bug 1241821 - ESLint fix 
--HG--
extra : commitid : 5Pf2Sf7gxj9
 2016-01-29 14:36:13 -08:00
Mark Goodwin
e7ee60296d Bug 1241821 - Create a SecurityReporter component for TLS Error Reports r=mossop, keeler 
This takes the TLS Error Reporting functionality used in the aboutNetError.xhtml
and aboutCertError.xhtml error pages and moves it to its own component. This
allows us to make use of this same error reporting functionality from elsewhere.
Notably, this allows us to send error reports for issues that occur when loading
subresources.
The xpcshell test included is in security/manager/ssl/tests because we need to
make use of tlsserver functionality from the PSM tests.
 2016-01-29 13:45:17 +00:00
Wes Kocher
a40af4aa59 Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE 
--HG--
extra : commitid : B8zmd9Xadpz
 2016-01-29 10:15:34 -08:00
Bill McCloskey
c663839ade Bug 1240871 - Don't allow implicit "async" in IPDL (r=mccr8,billm) 2016-01-28 20:56:37 -08:00
sajitk
1b0525a9d3 Bug 1219482 - Replace PRLogModuleInfo with LazyLogModule in security subdirectory. r=froydnj 
--HG--
extra : rebase_source : 7aed4d8669dccd1270a88a0cacfa254e3b9f5950
 2016-01-28 10:36:00 -05:00
David Keeler
1890b549c4 bug 1242032 - change some pipnss logging output from Debug to Verbose r=Cykesiopka 
Logging output that happens with every TLS socket poll, read, or write
should really be Verbose, not Debug.

--HG--
extra : amend_source : 455a72faa041e51b5356410d7c216aa1fdadc6c6
 2016-01-27 13:04:33 -08:00
David Keeler
32b5d6c545 bug 1241317 - gather telemetry on prevalence of FIPS r=jcj r=vladan 2016-01-21 11:22:12 -08:00
Carsten "Tomcat" Book
92b2943e68 Merge mozilla-central to mozilla-inbound 2016-01-27 12:10:56 +01:00
Carsten "Tomcat" Book
b9e929e1a7 merge mozilla-inbound to mozilla-central a=merge 2016-01-27 11:59:49 +01:00
Cykesiopka
7ccd56ad60 Bug 1242254 - Enable initial set of eslint rules for PSM. r=dkeeler 
These rules are copied from toolkit/.eslintrc (with non-passing rules excluded and previously commented out and passing rules included).

--HG--
extra : rebase_source : 0afa42350cc961cbb3cf6d985b3978f4dc5d3dcb
 2016-01-24 02:35:36 -08:00
Cykesiopka
c9747f9ecf Bug 1232582 - Sort PSM xpcshell.ini and fix --tag psm to actually run all tests. r=keeler 2016-01-26 20:23:00 +01:00
Gijs Kruitbosch
90dcd6df86 Bug 1241614 - don't overflow:auto the container, use em to size the dialog to avoid hidpi visibility issues, r=dolske,ttaubert 
--HG--
extra : commitid : DaBFhFU1YtS
extra : rebase_source : 28c1f92fcabe8a46fe40e805a763f7a508b592c0
 2016-01-22 11:18:54 +00:00
David Keeler
263b6bd7fe bug 1239609 - audit nsNSSShutDownObject destructors for correctness r=Cykesiopka,sworkman 
--HG--
extra : rebase_source : 3a20138211bfab811fb3adb2d7b0030a3b742b3b
 2016-01-22 14:49:39 -08:00
Patrick McManus
e9fb442d3d Bug 1240168 - weak_crypto test assumed blocking semantics from main thread r=keeler 2016-01-15 15:30:20 -05:00
Cykesiopka
adf7436ccc Bug 1235089 - Split out OCSP Must Staple tests from test_ocsp_stapling.js to avoid intermittent time outs. r=keeler 
test_ocsp_stapling.js can take ~290s to run on e.g. b2g-emu-x86-kk, which is very close to the default 300s limit.
Splitting out some tests should reduce the intermittent time outs.

--HG--
rename : security/manager/ssl/tests/unit/test_ocsp_stapling.js => security/manager/ssl/tests/unit/test_ocsp_must_staple.js
 2016-01-24 02:24:00 -05:00
Phil Ringnalda
a747e7e178 Merge m-i to m-c, a=merge 2016-01-23 17:42:50 -08:00
ffxbld
09dc03c5a7 No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update 2016-01-23 04:36:34 -08:00
ffxbld
3da59d3c6d No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update 2016-01-23 04:36:32 -08:00
Cykesiopka
e2fe0b8f62 Bug 1233328 - Part 2: Use SHA-256 StaticFingerprints directly instead of StaticPinset since the SHA-1 StaticFingerprints entry will always be null. r=keeler 2016-01-20 20:45:29 -08:00
Cykesiopka
638ba07af3 Bug 1233328 - Part 1: Ignore SHA-1 pins in PublicKeyPinningService.cpp. r=keeler 2016-01-20 20:40:01 -08:00
Sylvestre Ledru
ab4e3a0d42 Bug 1218816 - Remove useless semicolons. Found by coccinelle. r=Ehsan 
--HG--
extra : rebase_source : 7d2cc56b6553cd7a8d848d3c660f30735bd82eec
 2016-01-22 16:58:49 +01:00
David Keeler
2af33cad3c bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka 
--HG--
extra : rebase_source : 43ceae97c5188fff16e18a66d25a9fdba320bcc8
 2016-01-15 14:33:56 -08:00
David Keeler
113252b726 bug 1239455 - rework telemetry for SHA-1 certificates to reflect possible policy states r=Cykesiopka,mgoodwin,rbarnes 
Before this patch, we were measuring where SHA-1 was being used in TLS
certificates: nowhere, in end-entities, in intermediates, or in both. However,
the possible SHA-1 policies don't differentiate between end-entities and
intermediates and instead depended on whether or not each certificate has a
notBefore value after 2015 (i.e. >= 0:00:00 1 January 2016 UTC). We need to
gather telemetry on the possible policy configurations.

--HG--
extra : rebase_source : 301c821c8de16ffb924cd198dd0a4d3139536019
 2016-01-13 12:50:42 -08:00
Tim Taubert
38e4db6e5e Bug 1191936 - Implement RSA-PSS signing and verification r=rbarnes,smaug 2015-10-13 20:22:43 +02:00
Ryan VanderMeulen
7d1bbd8088 Merge inbound to m-c. a=merge 2016-01-17 14:37:29 -05:00
ffxbld
45b07b40c1 No bug, Automated HPKP preload list update from host bld-linux64-spot-439 - a=hpkp-update 2016-01-16 04:03:46 -08:00
ffxbld
a2da16b4a2 No bug, Automated HSTS preload list update from host bld-linux64-spot-439 - a=hsts-update 2016-01-16 04:03:44 -08:00
Jan de Mooij
68d44577b4 Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler 2016-01-13 22:05:08 +01:00
David Keeler
17c8d8e45c bug 1232766 - update the preloaded pinset for Google domains r=rbarnes 
Also includes a script for making this process faster in the future.
 2015-12-28 12:30:14 -08:00
ffxbld
9c54b2fdae No bug, Automated HPKP preload list update from host bld-linux64-spot-506 - a=hpkp-update 2016-01-09 04:38:50 -08:00
ffxbld
98b790fabc No bug, Automated HSTS preload list update from host bld-linux64-spot-506 - a=hsts-update 2016-01-09 04:38:48 -08:00
Shu-yu Guo
1768759efb Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm) 2016-01-06 16:02:16 -08:00
David Keeler
83aec61b67 bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj 
nsIKeyObject and nsIKeyObjectFactory defined an interface that was largely
unimplemented. This cuts the interface back to what actually exists in code.

--HG--
extra : rebase_source : 6241e801c3bd7f17518af648158fcfdcd0bda9cf
 2015-12-04 10:36:51 -08:00
David Keeler
3da7665447 bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown r=jcj 
--HG--
extra : rebase_source : 869dfb9450224677a05ac8566056872e8ff82c82
 2015-12-03 16:22:34 -08:00
Ehsan Akhgari
1f26ea8aca Bug 1214305 - Part 10: Clean up global DataStorage references in the child process; r=keeler 2016-01-04 16:30:02 -05:00
ffxbld
67ff8ead96 No bug, Automated HPKP preload list update from host bld-linux64-spot-389 - a=hpkp-update 2016-01-02 04:05:33 -08:00
ffxbld
5b3f84c48b No bug, Automated HSTS preload list update from host bld-linux64-spot-389 - a=hsts-update 2016-01-02 04:05:31 -08:00
Chris Peterson
4034ee65b8 Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler 
security/certverifier/NSSCertDBTrustDomain.cpp:282:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsNSSComponent.cpp:149:3 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
security/manager/ssl/nsSecureBrowserUIImpl.cpp:1406:5 [-Wimplicit-fallthrough] unannotated fall-through between switch labels
 2015-12-25 00:03:35 -07:00
ffxbld
eb1ef42d57 No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update 2015-12-26 04:05:29 -08:00
ffxbld
3af3c75cc9 No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update 2015-12-26 04:05:27 -08:00
Mike Hommey
d7478b6b1e Bug 1234955 - Make TEST_DIRS a SPECIAL_VARIABLE. r=gps 
Using TEST_DIRS is nothing more than a shortcut for

if CONFIG['ENABLE_TESTS']:
    DIRS += [...]

As such, we might as well remove it being a separate variable, and use some
Context magic to just fill DIRS when ENABLE_TESTS is set.

The security/manager/ssl/tests/unit/moz.build change ensures that the order
of DIRS before the change is kept, not because it matters, but because it
allows to confirm that nothing else is modified by this change.
 2015-12-24 13:12:49 +09:00
Wes Kocher
b71c3763d0 Backed out changeset f103fd636405 (bug 1232582) for b2g debug xpcshell failures in test_name_constraints.js 2015-12-21 11:01:22 -08:00
Carsten "Tomcat" Book
537c84d51c Merge mozilla-central to mozilla-inbound 2015-12-21 11:54:26 +01:00
ffxbld
0349798a7f No bug, Automated HPKP preload list update from host bld-linux64-spot-573 - a=hpkp-update 2015-12-19 04:09:26 -08:00
ffxbld
beab6972e5 No bug, Automated HSTS preload list update from host bld-linux64-spot-573 - a=hsts-update 2015-12-19 04:09:24 -08:00
Cykesiopka
20d4ccd20d Bug 1232582 - Sort PSM xpcshell.ini and fix --tag psm to actually run all tests. r=dkeeler 
--HG--
extra : transplant_source : X%02%F1%9Cq%90%8B%0D%04K%C1%1E%A0%BB%F5%7D%2Bs%1BQ
 2015-12-17 07:55:54 -08:00
Cykesiopka
05919374b8 Bug 1229284 - Remove support for SHA-1 hashes in genHPKPStaticPins.js. r=keeler 2015-12-17 07:52:00 +01:00
Nick Alexander
151142df55 Bug 1227248 - Part 2: Add GeneratedTest{Certificate,Key} mozbuild templates. r=gps 
--HG--
extra : commitid : 793A1duvlom
extra : rebase_source : 5a8fa9f0fb76dceb19525986381cb2a28676601b
extra : histedit_source : aebc6e99e83aaafba08626517850ff4ee23e4c82
 2015-12-14 11:50:56 -08:00
Masatoshi Kimura
4bd144165f Bug 1224875 - Enable TLS extended master secret. r=keeler 2015-12-13 12:09:18 +09:00
ffxbld
d729dd725a No bug, Automated HPKP preload list update from host bld-linux64-spot-1077 - a=hpkp-update 2015-12-12 04:08:02 -08:00
ffxbld
28f9941a1a No bug, Automated HSTS preload list update from host bld-linux64-spot-1077 - a=hsts-update 2015-12-12 04:08:00 -08:00
Magnus Melin
b3dba24f5a Bug 1200567 - ensure shipped blocklist.xml doesn't affect the test_cert_blocklist.js. r=dkeeler 
Caused comm-central TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_cert_blocklist.js | - revocations.txt should be as expected
 2015-12-10 19:08:09 +02:00
Ryan VanderMeulen
ec5f2e23e7 Merge m-c to inbound. a=merge 
--HG--
rename : browser/.eslintrc => storage/.eslintrc
rename : devtools/.eslintrc => toolkit/components/extensions/.eslintrc
extra : rebase_source : 5b2d39a455c81a001bd26e7bc85e7fbacdb79171
 2015-12-05 15:27:33 -05:00
Ryan VanderMeulen
289a16635a Merge fx-team to m-c. a=merge 2015-12-05 15:09:41 -05:00
ffxbld
4dd525a926 No bug, Automated HPKP preload list update from host bld-linux64-spot-049 - a=hpkp-update 2015-12-05 04:05:19 -08:00
ffxbld
d2a4d282da No bug, Automated HSTS preload list update from host bld-linux64-spot-049 - a=hsts-update 2015-12-05 04:05:17 -08:00
Carsten "Tomcat" Book
df451fe7b0 merge mozilla-inbound to mozilla-central a=merge 2015-12-03 12:00:42 +01:00
ffxbld
d661411aa5 No bug, Automated HPKP preload list update from host bld-linux64-spot-369 - a=hpkp-update 2015-12-02 14:59:16 -08:00
ffxbld
eb8afa37f2 No bug, Automated HSTS preload list update from host bld-linux64-spot-369 - a=hsts-update 2015-12-02 14:59:14 -08:00
Panos Astithas
92b2551106 Bug 1207146 - Add a link to expert technical information in the cert error page. r=Gijs,keeler 2015-12-04 19:46:13 +02:00
Mike Hommey
4005d567f9 Bug 1225682 - Don't use nsAuto{,C}String as class member variables in security/manager/. r=keeler 2015-12-02 11:04:37 +09:00
Xidorn Quan
fb855297f6 Bug 1229587 part 2 - Use verbose format to disable C4061 to workaround bug of VS2015u1. r=keeler 
--HG--
extra : source : 96b812b70961a22ae01a377eb9aaaf405ed13349
 2015-12-03 09:29:42 +11:00
Cykesiopka
cb705a63a6 Bug 1224968 - Support public key input to unbreak periodic HPKP updates. r=keeler 
be448badb1%5E!/#F0 switched SHA1 hashes to public keys for static pins. This broke genHPKPStaticPins.js and thus periodic HPKP updates, since the file doesn't handle public keys.

The changes here mostly mirror ba1f296240.
 2015-12-01 00:30:00 +01:00
Cykesiopka
ee7d82a508 Bug 1228794 - Convert test_getchain.js to generate certificates at build time. r=keeler 
With this change, CertUtils.py is no longer needed.

--HG--
extra : rebase_source : 2e7c7f82c17fd44d97fc68f657f3c313f4b4d125
 2015-12-01 00:28:00 +01:00
Bogdan Postelnicu
d61cdc0082 Bug 1228346 - initialize mOCSPMustStapleEnabled in constructor. r=dkeeler 
--HG--
extra : rebase_source : be8c14f84b53f6e546ff242b40208ec3a1f1be03
 2015-11-26 07:40:00 +01:00
David Keeler
a328c0c4e8 bug 986956 - only ever initialize NSS once per process r=Cykesiopka r=mgoodwin 
As a consequence, if NSS is initialized when there is no profile directory, NSS
will not persist changes. Other failures may occur (e.g. see bug 1216882).
 2015-11-19 13:31:52 -08:00
Mark Goodwin
7c0ac05619 Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r=keeler 
--HG--
extra : commitid : 5UjOTtwGffb
extra : rebase_source : 3ab4f4702056bde2fc6a1c4b22f5ed6abc59b918
 2015-11-26 16:57:21 +00:00
Ben Bucksch
2572e8c3db Bug 1200802 - Accept RFC1929 SOCKS credentials in proxyInfo. r=michal 2015-11-24 22:56:00 +01:00
Carsten "Tomcat" Book
5f1ac1afb3 merge mozilla-inbound to mozilla-central a=merge 2015-11-23 14:08:50 +01:00
ffxbld
8ad105e9a0 No bug, Automated HPKP preload list update from host bld-linux64-spot-1073 - a=hpkp-update 2015-11-21 03:49:57 -08:00
ffxbld
71a59e9585 No bug, Automated HSTS preload list update from host bld-linux64-spot-1073 - a=hsts-update 2015-11-21 03:49:55 -08:00
David Keeler
05b2bbbd51 bug 1230234 - fix a leak in client auth certificate handling r=Cykesiopka 
Looks like this was essentially a copy/paste error. See changeset 04b4ea333800,
which appears to have landed as part of bug 675221 (the bug number annotation in
that commit message is incorrect).
 2015-12-03 12:43:23 -08:00
Mark Goodwin
854efb9851 Bug 1224467 - Add a preference for controlling whether oneCRL blocklists are updated via AMO. Also add a test. r=keeler,mossop 2015-11-18 11:53:54 +00:00
Carsten "Tomcat" Book
a22ff2640a Merge mozilla-central to mozilla-inbound 2015-11-17 12:33:46 +01:00
Carsten "Tomcat" Book
6f7666a6c8 merge fx-team to mozilla-central a=merge 2015-11-17 12:10:03 +01:00
ffxbld
869bf240ee No bug, Automated HPKP preload list update from host bld-linux64-spot-383 - a=hpkp-update 2015-11-17 00:44:58 -08:00
ffxbld
a3e192d586 No bug, Automated HSTS preload list update from host bld-linux64-spot-383 - a=hsts-update 2015-11-17 00:44:56 -08:00
Cykesiopka
af62dfe8e5 Bug 1224478 - Replace do_check_* calls with their Assert.jsm equivalents in PSM xpcshell tests. r=keeler 
Also replaces if-do_throw() blocks with equivalent Assert.jsm method calls.
 2015-11-16 22:53:00 +01:00
Wes Kocher
c0ece6bf0d Merge m-c to fx-team, a=merge 
--HG--
extra : commitid : 2bzybQqlwy0
 2015-11-16 17:28:26 -08:00
Panos Astithas
d9c75611cd Make 'Go Back' button work even when there is nothing to go back to (bug 1221084); r=paolo 2015-11-16 15:37:27 +02:00
Cykesiopka
c10edfff85 Bug 1224481 - Comment out CA certs removed in NSS 3.21 in PreloadedHPKPins.json to keep periodic Static HPKP updates working. r=dkeeler 
--HG--
extra : transplant_source : %EAM%5D1%93%28H%BA%82%C0%0F%BB%3D%9E%40%8B%BCx%EB%03
 2015-11-13 07:28:28 -08:00
Cykesiopka
fedad480ea Bug 1222903 - Reject EV status for EV EE certs that are valid for longer than 27 months as well. r=keeler 2015-11-13 07:42:00 +01:00
David Keeler
eae048cea6 bug 1222179 - remove unnecessary observation topics in nsNSSComponent r=Cykesiopka 
nsNSSComponent would (unnecessarily) observe "profile-change-net-teardown" and
"profile-change-net-restore". Now it no longer does.
 2015-11-12 16:21:33 -08:00
Mark Goodwin
9f468cf8f0 Bug 921907 - Enable OCSP must-staple. r=keeler 
--HG--
extra : commitid : LvP86DDj772
extra : rebase_source : e06438c614c00fd9d77ca88886368948f13d6454
extra : histedit_source : f72078bac3dd14d4166ddd3bf24b582b13de1519
 2015-11-20 11:44:25 +00:00
Mark Goodwin
a954826958 Bug 901698 - Some tests for OCSP-must-staple; r=keeler 2015-11-13 16:49:09 +00:00
Mark Goodwin
31adb1a5c5 Bug 901698 - Implement OCSP-must-staple; r=keeler 2015-11-13 16:49:08 +00:00
Wes Kocher
ea2623adb5 Merge m-c to inbound, a=merge 
--HG--
extra : commitid : 93SodIi80b2
 2015-11-11 17:12:26 -08:00
Masatoshi Kimura
fa64c65e7c Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler 2015-11-11 23:13:34 +09:00
Masatoshi Kimura
4b8e5ced0f Bug 1223131 - Don't remove a host from the whitelist if the version fallback was needed. r=keeler 2015-11-12 07:18:37 +09:00
Ehsan Akhgari
eac2db7101 Bug 1215723 - Part 5: Add an automated test; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
eb4d13fb3b Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
78ee50aca4 Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
9aa975d49d Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
3810eb599b Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler 
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
 2015-11-02 12:33:00 -05:00
David Keeler
29b3d15dde bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg 2015-10-30 10:37:22 -07:00
Wes Kocher
4c7afc9339 Backed out 5 changesets (bug 1215723) for android S4 bustage 
Backed out changeset 2a945ce1cd40 (bug 1215723)
Backed out changeset dd7f58b60ddc (bug 1215723)
Backed out changeset 62dbb95bd79a (bug 1215723)
Backed out changeset b31ac98bb3c8 (bug 1215723)
Backed out changeset 228cdfaa82c1 (bug 1215723)

--HG--
extra : commitid : 70ygtTBi2V5
 2015-11-06 15:19:35 -08:00
Ehsan Akhgari
334376c936 Bug 1215723 - Part 5: Add an automated test; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
498c385ee1 Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
06479e6793 Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
999f1ba408 Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
6e561438d9 Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler 
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
 2015-11-02 12:33:00 -05:00
David Keeler
7380482a28 bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj 2015-10-26 16:02:19 -07:00
Wes Kocher
37b7f2920b Backed out changeset ae1885cf1fd6 (bug 1218596) for windows build bustage CLOSED TREE 
--HG--
extra : commitid : 6GZJDFkoL81
 2015-11-05 17:48:53 -08:00
Mike Hommey
762aba02cd Bug 1221453 - Use ObjDirPaths for GENERATED_INCLUDES and merge with LOCAL_INCLUDES. r=gps 2015-11-06 09:59:21 +09:00
David Keeler
9d11e85ed9 bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj 2015-10-26 16:02:19 -07:00
Chris Manchester
8ffd9ff2ed Bug 1218999 - Back out changeset 5f32b2bcfa43 (bug 1188468) in favor of a more efficient solution. r=glandium 
Bug 118468 landed an option for FileAvoidWrite to always write to an output
file, whether or not the contents would be changed. This was to address a
problem caused by not updating mtimes when building GENERATED_FILES, but
undoes the purpose of FileAvoidWrite and isn't really necessary.
This is addressed in a subsequent commit by unconditionally updating
mtimes when processing GENERATED_FILES.

--HG--
extra : commitid : AfOhgUstokq
 2015-11-03 10:23:04 -08:00
Cykesiopka
34ca9c027f Bug 1110935 - Part 3 - Remove now unnecessary temp variables. r=keeler 2015-11-02 22:11:00 +01:00
Cykesiopka
f625d9c9b9 Bug 1110935 - Part 2 - Remove ReentrantMonitor and ReentrantMonitorAutoEnter uses. r=keeler 2015-11-02 22:10:00 +01:00
Cykesiopka
9e34144349 Bug 1110935 - Part 1 - Assert we're on the main thread on public methods. r=keeler 2015-11-02 22:09:00 +01:00
Birunthan Mohanathas
9985829ecc Bug 1219392 - Capitalize mozilla::unused to avoid conflicts. r=froydnj 2015-11-02 07:53:26 +02:00
Cykesiopka
581125e850 Bug 1186817 - Replace nsBaseHashtable::EnumerateRead() calls in security/ with iterators. r=keeler 
--HG--
extra : histedit_source : ec44c79c05d3fb73cd720a9d5315ff781af812f1
 2015-10-30 07:50:09 -07:00
David Keeler
1443993537 bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB 
pinning-test.badssl.com is a test domain for preloaded HPKP (HTTP Public Key
Pinning - see RFC 7469). By specifying a pinset corresponding to no known keys,
this domain should fail with a key pinning error by default. Also, the
includeSubdomains option is set, so any subdomains should fail as well.
Since Gecko incorporates preloaded pinsets from Chromium, this pinset is already
defined. This patch merely switches it from test mode to production mode (well,
to be more accurate, this patch sets up the input for the automated script that
will make the code change that will put the pinset into production mode).
 2015-10-26 14:39:25 -07:00
Birunthan Mohanathas
44936aabb2 Bug 1217320 - Remove more XPIDL signature comments in .cpp files. r=froydnj 
Comment-only, DONTBUILD.
 2015-10-27 06:54:25 +02:00
David Keeler
3b82e8f390 bug 1217602 - remove nsIPKIParamBlock r=Cykesiopka 
nsIPKIParamBlock was unnecessary.
 2015-10-22 13:11:40 -07:00
ffxbld
53f7cca550 No bug, Automated HPKP preload list update from host bld-linux64-spot-508 - a=hpkp-update 2015-10-24 03:47:13 -07:00
ffxbld
dfb1f8693f No bug, Automated HSTS preload list update from host bld-linux64-spot-508 - a=hsts-update 2015-10-24 03:47:11 -07:00
Cykesiopka
4ec261d0e7 Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler 2015-10-23 05:13:00 -04:00
David Keeler
23a0cee1a8 bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin 
nsPSMUITracker was problematic. Apparently it was originally intended to prevent
NSS shutdown while NSS-related UI operations were going on (such as choosing a
client certificate). However, when nsNSSComponent would receive the event that
told it to shutdown NSS, it would attempt to call
mShutdownObjectList->evaporateAllNSSResources(), which would call
mActivityState.restrictActivityToCurrentThread(), which failed if such a UI
operation was in progress. This actually prevented the important part of
evaporateAllNSSResources, which is the releasing of all NSS objects in use by
PSM objects. Importantly, nsNSSComponent didn't check for or handle this failure
and proceeded to call NSS_Shutdown(), leaving PSM in an inconsistent state where
it thought it was okay to keep using the NSS objects it had when in fact it
wasn't.
In any case, nsPSMUITracker isn't really necessary as long as we have the
nsNSSShutDownPreventionLock mechanism, which mostly works and is what we should
use instead (or not at all, if no such lock is needed for the operation being
performed (for example, if no NSS functions are being called)).
 2015-10-16 14:31:57 -07:00
Andrew McCreight
0cb71c483c Bug 1157515 - CipherSuiteChangeObserver should clean itself up. r=keeler 2015-10-22 09:21:51 -07:00
Masatoshi Kimura
6ad41c8aee Bug 1215796 - Remove the static fallback whitelist. r=keeler 2015-10-22 21:37:40 +09:00
Masatoshi Kimura
5feda64143 Bug 1214981 - Disable output stream buffering. r=keeler 2015-10-21 15:23:00 -04:00
Wes Kocher
ceefa2939a Merge b2ginbound to central, a=merge 2015-10-21 16:37:24 -07:00
J. Ryan Stinnett
7eceb8f4c5 Bug 1203159 - Clean up various tests after DevTools resource move. r=me 2015-10-21 14:18:29 -05:00
Jonathan Hao
e4b1f62b85 Bug 1178448 - Use imported CA in developer mode. r=keeler,valentin 2015-10-08 17:08:45 +08:00
Masatoshi Kimura
886c72f81f Bug 1215795 - Fix documentation in nsIWeakCryptoOverride.idl. r=keeler IGNORE IDL 2015-10-20 20:29:56 +09:00
Carsten "Tomcat" Book
ea5d701c66 Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures 2015-10-20 12:40:18 +02:00
Cykesiopka
f21d36e95a Bug 1215779 - Remove broken (non-EC) DSA keygen code. r=keeler 2015-10-19 22:54:00 +02:00
Cykesiopka
fa99ba4063 Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=dkeeler 
--HG--
extra : rebase_source : 14756428ea3f8bc41d746a2e71a5d4914e96f33c
 2015-10-17 09:04:43 -07:00
Nathan Froyd
01583602a9 Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout.  The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.

CLOSED TREE makes big refactorings like this a piece of cake.

 # The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
    xargs perl -p -i -e '
 s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
 s/nsRefPtr ?</RefPtr</g;   # handle declarations and variables
'

 # Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h

 # Handle nsRefPtr.h itself, a couple places that define constructors
 # from nsRefPtr, and code generators specially.  We do this here, rather
 # than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
 # things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
     mfbt/nsRefPtr.h \
     xpcom/glue/nsCOMPtr.h \
     xpcom/base/OwningNonNull.h \
     ipc/ipdl/ipdl/lower.py \
     ipc/ipdl/ipdl/builtin.py \
     dom/bindings/Codegen.py \
     python/lldbutils/lldbutils/utils.py

 # In our indiscriminate substitution above, we renamed
 # nsRefPtrGetterAddRefs, the class behind getter_AddRefs.  Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
    xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'

if [ -d .git ]; then
    git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
    hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi

--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
 2015-10-18 01:24:48 -04:00
Nathan Froyd
583afa0965 Bug 1207245 - part 3 - switch all uses of mozilla::RefPtr<T> to nsRefPtr<T>; r=ehsan 
This commit was generated using the following script, executed at the
top level of a typical source code checkout.

 # Don't modify select files in mfbt/ because it's not worth trying to
 # tease out the dependencies currently.
 #
 # Don't modify anything in media/gmp-clearkey/0.1/ because those files
 # use their own RefPtr, defined in their own RefCounted.h.
find . -name '*.cpp' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
    grep -v 'mfbt/RefPtr.h' | \
    grep -v 'mfbt/nsRefPtr.h' | \
    grep -v 'mfbt/RefCounted.h' | \
    grep -v 'media/gmp-clearkey/0.1/' | \
    xargs perl -p -i -e '
 s/mozilla::RefPtr/nsRefPtr/g; # handle declarations in headers
 s/\bRefPtr</nsRefPtr</g; # handle local variables in functions
 s#mozilla/RefPtr.h#mozilla/nsRefPtr.h#; # handle #includes
 s#mfbt/RefPtr.h#mfbt/nsRefPtr.h#;       # handle strange #includes
'

 # |using mozilla::RefPtr;| is OK; |using nsRefPtr;| is invalid syntax.
find . -name '*.cpp' -o -name '*.mm' | xargs sed -i -e '/using nsRefPtr/d'

 # RefPtr.h used |byRef| for dealing with COM-style outparams.
 # nsRefPtr.h uses |getter_AddRefs|.
 # Fixup that mismatch.
find . -name '*.cpp' -o -name '*.h'| \
    xargs perl -p -i -e 's/byRef/getter_AddRefs/g'
 2015-10-18 00:40:10 -04:00
Phil Ringnalda
9ea53214d8 Merge f-t to m-c, a=merge 2015-10-17 11:19:46 -07:00
Phil Ringnalda
df1ce0b4c5 Merge m-i to m-c, a=merge 2015-10-17 10:16:55 -07:00
ffxbld
39d37ae7b8 No bug, Automated HPKP preload list update from host bld-linux64-spot-1092 - a=hpkp-update 2015-10-17 04:10:53 -07:00
ffxbld
7b8e76fcc8 No bug, Automated HSTS preload list update from host bld-linux64-spot-1092 - a=hsts-update 2015-10-17 04:10:51 -07:00
Masatoshi Kimura
82af783064 Bug 1207137 - Set a security state flag when weak crypto override is needed. r=keeler 2015-10-17 09:38:30 +09:00
David Keeler
3c1a47a734 bug 1215270 - remove some unused functions from nsNSSShutDown.h r=Cykesiopka 
nsNSSShutDownList::isUIActive() and areSSLSocketsActive() should probably have
been removed as part of bug 807757.
 2015-10-15 13:22:13 -07:00
Masatoshi Kimura
f4c563b057 Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler 
--HG--
rename : netwerk/test/unit/test_tls_server.js => security/manager/ssl/tests/unit/test_weak_crypto.js
 2015-10-15 05:48:27 +09:00
Carsten "Tomcat" Book
17a3104f22 Backed out changeset 66e3972e9150 (bug 1168635) 2015-10-14 16:28:41 +02:00
Masatoshi Kimura
00d864d313 Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler 
--HG--
rename : netwerk/test/unit/test_tls_server.js => security/manager/ssl/tests/unit/test_weak_crypto.js
 2015-10-14 21:12:35 +09:00
David Keeler
49f91fb31f bug 1209695 - fold mochitest test_bug413909.html into xpcshell test_cert_overrides.js r=mgoodwin 
test_bug413909.html doesn't need to be a mochitest. Furthermore,
test_cert_overrides.js tests a lot of the same functionality.
This just moves the unique parts from the old test to a new home
in the xpcshell test (to be specific, some IDN handling and that
"port" -1 is the same as port 443).
 2015-09-29 13:24:19 -07:00
Carsten "Tomcat" Book
a5c0ea6d4f Merge m-c to mozilla-inbound 2015-10-12 11:58:46 +02:00
Carsten "Tomcat" Book
2b1a321946 merge mozilla-inbound to mozilla-central a=merge 2015-10-12 11:57:06 +02:00
ffxbld
214a24da25 No bug, Automated HPKP preload list update from host bld-linux64-spot-138 - a=hpkp-update 2015-10-10 03:46:02 -07:00
ffxbld
8aa9ed515a No bug, Automated HSTS preload list update from host bld-linux64-spot-138 - a=hsts-update 2015-10-10 03:46:00 -07:00
Hiroyuki Ikezoe
3363f1775d Bug 1167627 - Part 6: Use mozinfo in security/. r=dkeeler 2015-10-11 21:49:00 +02:00
Ehsan Akhgari
e6a62c4d9d Bug 1213151 - Part 2: Use SpecialPowers.cleanUpSTSData() in a few tests; r=jdm 2015-10-09 10:56:19 -04:00
Cykesiopka
2be3b53afa Bug 1205962 - Address some pylint complaints about pycert.py and pykey.py, r=keeler 
Also adds more uses of enumerate() to simplify code.

--HG--
extra : amend_source : 758eee481fa2d93f984f090aaa443b3b5756fb1f
 2015-10-05 23:24:14 -07:00
David Keeler
9b75f2c0d5 bug 975763 - move test_certificate_overrides.html to test_cert_override_bits_mismatches.js r=mgoodwin 
test_certificate_overrides.html didn't need to be a mochitest.
 2015-09-29 12:39:54 -07:00
Carsten "Tomcat" Book
08997000eb Backed out 2 changesets (bug 1202902) to recking bug 1202902 to be able to reopen inbound on a CLOSED TREE 
Backed out changeset 647025383676 (bug 1202902)
Backed out changeset d70c7fe532c6 (bug 1202902)
 2015-10-07 14:03:21 +02:00
Carsten "Tomcat" Book
e7ef778c9d Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central 
Backed out changeset cfc1820361f5 (bug 1202902)

--HG--
extra : rebase_source : 5d3db72337754bc7ab0ed0c30b2896100411ff92
 2015-10-07 12:13:45 +02:00
Shu-yu Guo
d06b6030f6 Bug 1202902 - Scripted fix the world. 2015-10-06 14:00:31 -07:00
Ben Kelly
65ad5a613b Bug 1210941 P10 Use LOAD_BYPASS_SERVICE_WORKER in nsNSSCallbacks. r=ehsan 2015-10-06 06:37:07 -07:00
Kate McKinley
5955ecaffd Bug 1191414 - gather telemetry on usage of <keygen>. r=keeler,r=vladan 
--HG--
extra : rebase_source : 69aed7cd26800c9a6c6975ab24bf3e5bb3c77730
 2015-09-22 09:52:58 -07:00
Nicholas Nethercote
7d1c7e0014 Bug 1209351 (part 5) - Optimize nsTHashTable::RemoveEntry() usage in security/. r=keeler. 
--HG--
extra : rebase_source : 74877baad7a7e019c7151efaad96d7b8ccc4b6f5
 2015-09-24 20:44:31 -07:00
Phil Ringnalda
1d51d1b32a Merge m-i to m-c, a=merge 2015-10-03 15:37:39 -07:00
ffxbld
30f46ea33e No bug, Automated HPKP preload list update from host bld-linux64-spot-410 - a=hpkp-update 2015-10-03 03:44:51 -07:00
ffxbld
bde4cad906 No bug, Automated HSTS preload list update from host bld-linux64-spot-410 - a=hsts-update 2015-10-03 03:44:49 -07:00
David Keeler
a81ffd22d7 bug 1205767 - prevent memory leak when generating an EC key with <keygen> r=ttaubert 2015-09-17 14:57:24 -07:00
Tooru Fujisawa
ab6dcb335c Bug 1207499 - Part 8: Remove use of expression closure from security/. r=keeler 
--HG--
extra : commitid : CRZpUoDhoRa
extra : rebase_source : b04cc9260a59cc53f406181c67e6db4560677022
 2015-09-23 18:42:19 +09:00
Kaspar Brand
f0941953dd Bug 278689 - Multiple Certificates with the same subject are not shown in the digital signature select cert combo (only one is shown) r=dkeeler 
--HG--
extra : rebase_source : 442661d99de1c5786c04d49cfcd96a672d3077be
 2015-09-05 07:52:00 +02:00
David Keeler
30706f9f69 bug 1187994 - remove unused file CryptoUtil.h r=jcj 
This probably should have been removed as part of bug 891066.
 2015-07-27 09:56:14 -07:00
David Keeler
ae6538ad30 bug 1203312 - split tlsserver certificates into ocsp_certs and bad_certs r=mgoodwin 
The B2G emulators apparently take ~5 minutes to read 50 certificates into
memory, which causes intermittent test timeouts. This is an attempt to
reduce the number of certificates needed to be read at any given time.

--HG--
rename : security/manager/ssl/tests/unit/tlsserver/badSubjectAltNames.pem.certspec => security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpoch.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpochINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/beforeEpochIssuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ca-used-as-end-entity.pem.certspec => security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.key.keyspec => security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/eeIssuedByNonCA.pem.certspec => security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/eeIssuedByV1Cert.pem.certspec => security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expired-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expiredINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/expiredissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.key.keyspec => security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/inadequateKeySizeEE.pem.certspec => security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/inadequatekeyusage-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ipAddressAsDNSNameInSAN.pem.certspec => security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/md5signature-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/md5signature.pem.certspec => security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-notYetValid.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatch.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/mismatchCN.pem.certspec => security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/moz.build => security/manager/ssl/tests/unit/bad_certs/moz.build
rename : security/manager/ssl/tests/unit/tlsserver/noValidNames.pem.certspec => security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValid.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValidINT.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/notYetValidIssuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeCritical.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeCriticalWithExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/nsCertTypeNotCritical.pem.certspec => security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-issuer-ee.pem.certspec => security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.key.keyspec => security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.pem.certspec => security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/self-signed-EE-with-cA-true.pem.certspec => security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/selfsigned-inadequateEKU.pem.certspec => security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/selfsigned.pem.certspec => security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-ca.pem.certspec => security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int.pem.certspec => security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/unknownissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/untrusted-expired.pem.certspec => security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/untrustedissuer.pem.certspec => security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/v1Cert.pem.certspec => security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ca-used-as-end-entity.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/default-ee.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/delegatedSHA1Signer.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/delegatedSigner.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerFromIntermediate.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerNoExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ocspEEWithIntermediate.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/ocspOtherEndEntity.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/other-test-ca.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.key.keyspec => security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
rename : security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-ca.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int.pem.certspec => security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/same-issuer-ee.pem.certspec => security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
rename : security/manager/ssl/tests/unit/tlsserver/test-int-ee.pem.certspec => security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
 2015-09-22 17:03:15 -07:00
David Keeler
74e470d1ac bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-24 15:53:07 -07:00
ffxbld
03aa14625c No bug, Automated HPKP preload list update from host bld-linux64-spot-363 - a=hpkp-update 2015-09-26 03:40:59 -07:00
ffxbld
1b40f22c12 No bug, Automated HSTS preload list update from host bld-linux64-spot-363 - a=hsts-update 2015-09-26 03:40:57 -07:00
Jonathan Hao
e2da61623b Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler 2015-09-07 15:28:21 +08:00
ffxbld
51c75f9eac No bug, Automated HPKP preload list update from host bld-linux64-spot-560 - a=hpkp-update 2015-09-19 03:46:51 -07:00
ffxbld
c354c7fbb7 No bug, Automated HSTS preload list update from host bld-linux64-spot-560 - a=hsts-update 2015-09-19 03:46:49 -07:00
Wes Kocher
21a9e609d5 Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures 2015-09-18 12:53:24 -07:00
David Keeler
4cfc799e53 bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-24 15:53:07 -07:00
Kate McKinley
163979ae9f Bug 1196039 - Telemetry for certificate lifetime. r=rbarnes,vladan 2015-09-17 10:04:52 -07:00
Nicholas Nethercote
647b520991 Bug 1201135 - Rename pldhash.{h,cpp} to PLDHashTable.{h,cpp}. r=mccr8. 
--HG--
rename : xpcom/glue/pldhash.cpp => xpcom/glue/PLDHashTable.cpp
rename : xpcom/glue/pldhash.h => xpcom/glue/PLDHashTable.h
extra : rebase_source : 06b9d30db96ed78500fd44d9c0b51609103508a3
 2015-09-15 20:49:53 -07:00
Ehsan Akhgari
e23a8d38a3 Bug 1205302 - Disallow intercepting OCSP requests; r=jdm 2015-09-16 19:15:32 -04:00
Nicholas Nethercote
2ee4fd783b Bug 1121760 (part 6) - Move all remaining PL_DHash*() functions into PLDHashTable. r=poiru. 
--HG--
extra : rebase_source : 3cdc975507170d783b02d70f7c7d95c6bf2e1bcd
 2015-09-14 14:23:47 -07:00
Nicholas Nethercote
59683492e5 Bug 1121760 (part 3) - Remove PL_DHashTableRemove(). r=poiru. 
--HG--
extra : rebase_source : c34d693de4aca45f2ea05c2767c8b1007c89df29
 2015-09-14 14:23:24 -07:00
Nicholas Nethercote
479244f7c9 Bug 1121760 (part 2) - Remove PL_DHashTableAdd(). r=poiru. 
--HG--
extra : rebase_source : 41eb939bfb5c925cba58b1af57abce9a4e5fdb30
 2015-09-14 14:23:12 -07:00
Nicholas Nethercote
fcfdd8f54b Bug 1121760 (part 1) - Remove PL_DHashTableSearch(). r=poiru. 
--HG--
extra : rebase_source : 770e1f49a451ecbadd778e071b204611e27cf701
 2015-05-21 00:34:25 -07:00
Shu-yu Guo
64db2267cf Bug 1202902 - Mass replace toplevel 'let' with 'var' in preparation for global lexical scope. (rs=jorendorff) 2015-09-15 11:19:45 -07:00
Cykesiopka
2cdc0c814f Bug 443811 - Use long date format for cert date output. r=keeler 
--HG--
extra : rebase_source : cdd9b41b40125489e55171c1ece54bbd2a0cf947
 2015-09-13 23:33:00 +02:00
Richard Barnes
990593f9cf Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
ffxbld
c09a97364f No bug, Automated HPKP preload list update from host bld-linux64-spot-542 - a=hpkp-update 2015-09-12 03:39:46 -07:00
ffxbld
28a278226f No bug, Automated HSTS preload list update from host bld-linux64-spot-542 - a=hsts-update 2015-09-12 03:39:44 -07:00
Mark Goodwin
b212375b7e Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL r=keeler 
1) Added some comments to firefox.js to explain the relationship between
extensions.blocklist.interval and security.onecrl.maximum_staleness_in_seconds
2) Modified default values in firefox.js and mobile.js to set maximum staleness
to 1.25x blocklist interval
3) modified the tests_ev_certs.js xpcshell test to cope with larger maximum
staleness values to address test failures
 2015-09-10 11:10:07 +01:00
Nicholas Nethercote
b1cf90c1e5 Bug 1202526 (part 5) - Use PLDHashTable::RemoveEntry() in nsSecureBrowserUIImpl. r=dkeeler. 
This avoids repeating the hash table search in order to remove the entry.
 2015-09-07 19:20:16 -07:00
ffxbld
41bdcbc2ac No bug, Automated HPKP preload list update from host bld-linux64-spot-1098 - a=hpkp-update 2015-09-05 03:41:54 -07:00
ffxbld
3ee4abd6a6 No bug, Automated HSTS preload list update from host bld-linux64-spot-1098 - a=hsts-update 2015-09-05 03:41:52 -07:00
David Keeler
db0b8dcf48 bug 1196853 - convert test_cert_signatures.js to generate certificates at build time r=jcj 
Also add additional testcases that weren't in the original test (tampered
signatures had been tested, but tampered certificates hadn't been covered).
 2015-08-19 15:59:49 -07:00
ffxbld
d5250da6de No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2015-09-03 13:59:53 -07:00
ffxbld
1d00751ccd No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2015-09-03 13:59:50 -07:00
Masatoshi Kimura
dbfc3317da Bug 1201024 - Disable unrestricted RC4 fallback and add RC4-only servers to the fallback whitelist. r=cykesiopka 2015-09-03 21:50:52 +09:00
Nick Thomas
5744a154e2 Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka 2015-09-03 22:07:42 +12:00
Masatoshi Kimura
dbd45351dc Bug 1195789 - Update fallback whitelist. r=cykesiopka 2015-09-02 00:44:04 +09:00
Nicholas Nethercote
f44287005f Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium. 
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.

--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
 2015-08-27 20:44:53 -07:00
Cykesiopka
0d6549c972 Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler 
--HG--
extra : transplant_source : %90%28%11%DB%E53%93%7C%F2%D6%5Ek%CC%DC%BE%FAe%F2%896
 2015-08-24 22:53:42 -07:00
Xidorn Quan
dbaa85ce62 Bug 1188468 - Allow script to force updating a generated file even if the file is actually not changed. r=gps 
--HG--
extra : source : 47b56f2495030d77c446215d8822c31fc32f23b7
 2015-08-25 10:07:43 +10:00
David Keeler
2ee5d006b7 bug 1194013 - convert test_name_constraints.js to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-11 16:40:38 -07:00
Ryan VanderMeulen
5b75ad5195 Merge inbound to m-c. a=merge 2015-08-23 17:18:36 -04:00
Fabrice Desré
3a47f061c9 Bug 1196988 - Remove THA support. r=gwagner 2015-08-21 10:00:54 -07:00
Jonathan Griffin
369ec3ac0f Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester 
--HG--
extra : commitid : 6kGKslC9h14
 2015-08-18 11:26:14 -07:00
Wes Kocher
fe6faf7d6b Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE 2015-08-18 11:58:05 -07:00
Christoph Kerschbaumer
10a7d6a5b9 Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking) 2015-08-18 09:54:09 -07:00
Mark Goodwin
f2b116c0d6 Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler) 2015-08-21 15:14:08 +01:00
Ben Hearsum
c51baf3ae9 bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler 2015-08-20 17:50:51 -04:00
Cykesiopka
b4174da7d8 Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler 2015-08-20 14:33:29 -07:00
Jonathan Griffin
dde975f7a0 Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester 
--HG--
extra : commitid : FN6nc0Yis2o
 2015-08-18 11:26:14 -07:00
Arnaud Bienner
2755fa9a57 Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj 
--HG--
extra : rebase_source : 81df1495200d3734ea1c4c13818ae764a445f4b3
 2015-08-14 00:49:15 +02:00
David Keeler
23a9820f27 bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka 
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.

--HG--
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_prime256v1_256-int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_rsa_2048.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp224r1_224.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_secp256k1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_prime256v1_256-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
rename : security/manager/ssl/tests/unit/test_keysize/root_prime256v1_256.pem.certspec => security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
 2015-08-05 13:39:11 -07:00
David Keeler
70897766ec bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka 2015-08-03 17:02:58 -07:00
Aryeh Gregor
ff2ceb15ed Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj 2015-08-11 06:45:00 -04:00
Tanvi Vyas
7b0ea8ee04 Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler 2015-08-13 17:13:48 -07:00
Nathan Froyd
8f318ea950 Bug 1193021 - clean up reference-counting in security/; r=keeler 2015-07-01 13:10:53 -04:00
David Keeler
7ce068b7e9 bug 1190532 - change default key specification from implicit to explicit in pycert.py r=Cykesiopka 
Previously using an empty string would result in pycert.py returning the
default shared RSA key. This resulted in empty keyspec files being added
to the tree, which was confusing. This should end the confusion by making
the key specification process explicit rather than implicit.
 2015-08-06 11:35:40 -07:00
David Keeler
948094db6e bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin 2015-07-30 10:20:52 -07:00
Carsten "Tomcat" Book
ba03e3c181 Backed out 2 changesets (bug 1016555, bug 1189427) for making Android 4.3 API11+ debug X3 perma fail in test_ev_certs.js 
Backed out changeset ebd4e3880403 (bug 1189427)
Backed out changeset 331e489c7534 (bug 1016555)
 2015-08-06 11:51:27 +02:00
Cykesiopka
d93ee984a0 Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley 
--HG--
extra : rebase_source : 8210ed5f89cec8c42d5a78b9101f1c54d91e04c6
 2015-08-05 07:51:00 +02:00
David Keeler
ae2c1351bc bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin 2015-07-30 10:20:52 -07:00
Birunthan Mohanathas
7315345693 Bug 1191100 - Remove XPIDL signature comments in .cpp files. r=ehsan 
Comment-only so DONTBUILD.
 2015-08-04 16:17:36 -07:00
David Keeler
59ef11f506 bug 1188100 - fold PSM's test_client_cert.js into necko's test_tls_server.js r=mcmanus 
--HG--
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.js => netwerk/test/unit/client_cert_chooser.js
rename : security/manager/ssl/tests/unit/test_client_cert/cert_dialog.manifest => netwerk/test/unit/client_cert_chooser.manifest
extra : amend_source : 249efd8e1bc537cf14b3199865df18b8aba62d10
 2015-07-29 14:27:54 -07:00
Carsten "Tomcat" Book
49d83b3b7d Merge mozilla-central to mozilla-inbound 2015-08-03 15:45:57 +02:00
ffxbld
abb4d538ee No bug, Automated HPKP preload list update from host bld-linux64-spot-317 - a=hpkp-update 2015-08-01 03:34:19 -07:00
ffxbld
ae7af3ea3c No bug, Automated HSTS preload list update from host bld-linux64-spot-317 - a=hsts-update 2015-08-01 03:34:17 -07:00
ffxbld
b44231402a No bug, Automated HPKP preload list update from host bld-linux64-spot-010 - a=hpkp-update 2015-07-30 13:51:28 -07:00
ffxbld
eb03434709 No bug, Automated HSTS preload list update from host bld-linux64-spot-010 - a=hsts-update 2015-07-30 13:51:26 -07:00
Cykesiopka
8a9392bf5e Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler 
--HG--
extra : rebase_source : 4f0310323c3e7ac7e9e8c453d41aa0ef9cbd910a
 2015-07-29 23:56:33 -07:00
David Keeler
b49becac5d bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin 2015-06-17 16:02:08 -07:00
Bobby Holley
97b9240b34 Bug 1188696 - Hoist nsRefPtr.h into MFBT. r=froydnj 2015-07-29 10:44:59 -07:00
Douglas Bagnall
5cea0a9df6 Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab 
The hostname here is matched on the AD DC to the userWorkstations
attribute, however this is on a total trust basis in terms of what the
client specifies here.

The impact of this patch is that a user who is restricted by this
attribute to log on to only certain (Windows, in reality)
workstations, may not be able to perform a manual NTLM logon to an
intranet site, unless they set network.generic-ntlm-auth.workstation
to the name of their workstation (actually, any host in that list).

The default value is set to WORKSTATION.

This patch was originally written by Andrew Bartlett, and modified by
Douglas Bagnall following review feedback from Honza Bambas and Tim
Brown.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2015-07-24 13:36:11 +12:00
David Keeler
1b1d908d0f bug 1187029 - convert test_bug480509.html to an xpcshell test r=jcj 2015-07-23 13:31:45 -07:00
David Keeler
3a4c2d822a bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka 
This is to avoid a dependency on the buildid so we don't have to
regenerate all of the test certificate with every ./mach build.
This can cause problems very near midnight on New Year's Eve.
If this happens, kick off a new build and get back to the party.
 2015-07-15 16:20:54 -07:00
Masatoshi Kimura
0e28f550d3 Bug 1181562 - Update fallback whitelist. r=keeler 2015-07-22 20:35:26 +09:00
Nicholas Nethercote
1ac7d5d5b1 Bug 1182959 (part 5) - Use nsTHashtable::Iterator in nsCertOverrideService. r=honzab. 
--HG--
extra : rebase_source : c36d0f9e4a2242a934e2848b6f977f33d6ac76cc
 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
746d9d6e0a Bug 1182959 (part 4) - Remove BlocklistSaveInfo. r=honzab. 
--HG--
extra : rebase_source : c46e23885d97ef05504db32e0fd8cae05b55232a
 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
6ceff73a0f Bug 1182959 (part 3) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 
--HG--
extra : rebase_source : 4df2d9845e7a04c11bc6076ea7844fba7b5ca3a9
 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
e0bd2455c1 Bug 1182959 (part 2) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 
--HG--
extra : rebase_source : f2b69832a8f789919db84706591e96bcf4bd0a1d
 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
489123be0f Bug 1182959 (part 1) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 
--HG--
extra : rebase_source : cdef0d25cd3dcc63313ab391c0c7fe37d048eb1a
 2015-07-20 17:12:03 -07:00
David Keeler
b0d4abd2b1 bug 1178988 - GenerateOCSPResponse: load certs/keys in two phases r=Cykesiopka 
This was initially done to work around a readdir-related bug in the B2G ICS
emulator, but then it turned out that test_ocsp_url.js still fails in ways that
are unreproducible outside of mozilla-inbound on that platform, so it was
disabled (r=sworkman). It's still a good idea, though, to avoid any potential
future issues with readdir not being reentrant.
 2015-07-15 14:12:02 -07:00